(OA454) - Senior Technical Analyst - Application Security

03 May | Fidelity International | Gurgaon district

Department Description



The Information & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. 



Information Security & Technology Risk (ISTR) is responsible for:



- Cyber Security:

  - Protecting the Technology Environment from internal and external security threats
  - Application Security (through secure coding practices, penetration testing, and developer training)
  - Centralised Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control
  - Infrastructure Security
  - Security Engineering and Architecture
  - Security Application Support
  - Cyber Defence Operations

- Information Security Risk Management

- Technology Risk and Audit Management

- Technology Service Continuity



Application Security is part of the IT Security group within the Information Security and Technology Risk (IS&TR) Technology organisation of Fidelity International and is responsible for maintaining the Confidentiality, Integrity and Availability of Fidelity Information Systems across a multi-regional, global company network.



Purpose of the Role



The Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As a Technical Specialist, the person will be responsible for understanding complex technical and architectural issues from a security perspective and must be able to understand the implications associated with the chosen technical strategy.



This position will focus on security of new and existing services to support business functionality. The role will involve working closely with development groups to securely design, develop and implement services and components.



The role will focus on reviewing the security mechanisms built into applications by carrying out security reviews, i.e. Secure Requirement Review, Secure Design Review, Code Review, and Penetration Testing. This role would also demand interaction with Fidelity vendors to conduct risk assessments. The job involves working closely with development groups, Enterprise Architecture, and the ISO (Information Security Officer) so that the applications are compliant with FIL Information Security Standards.



The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. FIL Systems are implemented in a wide range of technologies based on architectural standards.



Key Responsibilities



- Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. Requirements review, Design review, Code Review, Penetration testing (Ethical Hacking), Vendor Risk Assessment.

- Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, where security mechanisms are employed, and how effectively they are implemented.

- Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.

- Be “hands on” with technology and contribute to the design, development and support of projects with security recommendations.

- Review design and development artefacts to ensure security quality in the products being developed.

- Evolve security review processes in accordance with Information Security Standards and market best practices.

- Contribute to Enterprise Architecture in definition of the technology stack and various standards and guidelines for development teams.

- Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.

- Provide diligent and competent service to customers by delivering an impartial and accurate service with integrity and honesty, in accordance with the Information Security Policy and Standards.

- Foster security awareness and understanding.



Experience and Qualifications Required



Must Have



- 4-6 years of experience conducting application security assessments, i.e. Architecture and Design review, Code Review, Penetration testing (Ethical Hacking) and Vendor Risk Assessment.

- Working knowledge of key security technologies, i.e. Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

- Working knowledge of running source code analyzers to unearth security vulnerabilities in source code.

- Run and analyse security penetration tests, pinpoint security issues and suggest countermeasures for security improvements.

- Knowledge of attack vectors from OWASP and WASC, and mitigation of the same.

- Knowledge of various open-source security tools such as proxies, fuzzers etc.

- Proven expertise in web technologies (Java / J2EE / Struts / .NET / PHP / JavaScript etc.).

- Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols

- Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity

- Capable of understanding end user requirements from a security perspective

- Sound business and technical acumen



Good to Have



- Integrate security into DevOps and enable security automation in the CI/CD pipeline

- Professional qualification: CEH, ECSA, LPT or any other equivalent certification.

- Focused and versatile team player who is comfortable under pressure

- Ability to remove barriers and enable teams to complete their objectives

- Excellent problem-solving and critical-thinking skills

- Understanding of emerging technologies and corresponding security threats

- Self-motivated, flexible, with a ‘can do’ attitude.

- Solid influencing skills

- Ability to pick up business knowledge, new technology areas, and new processes/methodologies, and apply these changes in day-to-day work to improve the Security organisation.



Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately-held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 locations and with $611.4 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.



Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $471 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.



Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.



As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 30 September 2020. Read more at

The original job offer can be found in Kit Job:
https://www.kitjob.in/job/22420409/oa454-senior-technical-analyst-application-security-gurgaon-district/?utm_source=html
